Romanian National Pleads Guilty to Participating in Multi-Million Dollar Scheme to Steal Payment Card Data from Hundreds of U.S. Merchants
A Romanian national pleaded guilty today to participating in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants’ computers, announced Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division, U.S. Attorney for the District of New Hampshire John P. Kacavas and Holly Fraumeni, Resident Agent in Charge of the U.S. Secret Service, Manchester, N.H., Resident Office.
Adrian-Tiberiu Oprea, 29, of Constanta, Romania, pleaded guilty in U.S. District Court in the District of New Hampshire to one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud and two counts of conspiracy to commit access device fraud.
The indictment to which Oprea pleaded guilty charges that, from approximately 2009 to 2011, he conspired with co-defendants Iulian Dolan and Cezar Butu to hack into hundreds of U.S.-based computers to steal credit, debit and payment account numbers and associated data (collectively “payment card data”) that belonged to U.S. cardholders.
According to the indictment, Oprea and Dolan remotely hacked into U.S. merchants’ “point-of-sale” (POS) or “check out” computer systems, where customers’ payment card data was electronically stored. Specifically, Oprea used the Internet to identify vulnerable POS systems that were based in the United States. After identifying a vulnerable system, Oprea gained access to the system and installed software programs called “keystroke loggers” (or “sniffers”) onto the POS systems. These programs recorded and stored all of the data that was keyed into or swiped through the merchants’ POS systems, including customers’ payment card data.
Oprea retrieved the card data and then electronically transferred it to various electronic storage locations (“dump sites”) that he had set up. Oprea later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts. He also attempted to transfer the stolen payment card data to other co-conspirators for their use for similar purposes.
During the course of the conspiracy, the co-conspirators hacked into several hundred U.S. merchants’ POS systems and stole payment card data belonging to more than 100,000 U. S. cardholders.
Dolan and Butu previously pleaded guilty for their roles in the scheme. Dolan is scheduled to be sentenced on Aug. 15, 2013. In his plea agreement, Dolan agreed to be sentenced to serve seven years in prison. On Jan. 7, 2013, Butu was sentenced to serve 21 months in prison.
The case was investigated by the U.S. Secret Service, with the assistance of the New Hampshire State Police and Romanian authorities.
The case is being prosecuted by Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Arnold H. Huftalen of the District of New Hampshire. Significant assistance was provided by the Criminal Division’s Office of International Affairs.